Uploaded image for project: 'eZ Publish / Platform'
  1. eZ Publish / Platform
  2. EZP-13159

ezinfo/about extension info inconsistent usage/insertion of html tags

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Open
    • Priority: Medium
    • Resolution: Unresolved
    • Affects Version/s: 3.10.0, 3.9.4, 4.0.0, 4.6.0beta1
    • Fix Version/s: Future
    • Component/s: Legacy > Extensions
    • Labels:
      None

      Description

      It's unclear at the moment in which values in the array returned by an extensions ezinfo.php info method html tags can appear. Also, there happens an automatic replacement of all occurrences of eZ P|publish and eZ S|systems to make links of them.

      Current ezoe (http://svn.ez.no/svn/extensions/eztinymce/trunk/ezoe rev. 2963) for example will show a html tag in the ezinfo/about view output, visible to the user:

      Includes the following library:
      
          * Name : eZ Core, tiny javascript library for ajax and stuff
            Version : 0.95
            Copyright : Copyright (C) 2008 <a href="http://ez.no/">eZ Systems AS</a>
            License : Licensed under the MIT License
      

      Certainly not what we want.

      I suggest that we do not do any automatic replacements any more, and allow anchor tags with a value for the href attribute that uses the http protocol anywhere. All other tags should be escaped.

        Attachments

          Activity

            People

            • Assignee:
              unknown unknown
              Reporter:
              Cyberwolf Kristof Coomans
            • Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

              • Created:
                Updated: